Language Selection

English French German Italian Portuguese Spanish Advisories

Syndicate content LinuxSecurity - Security Advisories
The central voice for Linux and Open Source security news.
Updated: 2 hours 26 min ago

Fedora 33: redis 2021-8913c7900c>

Tuesday 12th of October 2021 07:47:15 PM
**Redis 6.0.16** - Released Mon Oct 4 12:00:00 IDT 2021 Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: * (**CVE-2021-41099**) Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured to a non-default, very large value [reported by yiyuaner]. *

Fedora 33: xstream 2021-fbad11014a>

Tuesday 12th of October 2021 07:47:14 PM
``` * Mon Oct 04 2021 Didik Supriadi - 1.4.18-2 - Enable activation, cglib, dom4j, jdom, and jdom2 * Fri Oct 01 2021 Didik Supriadi - 1.4.18-1 - Update to version 1.4.18 ```

Fedora 34: flatpak 2021-4b201d15e6>

Tuesday 12th of October 2021 07:46:05 PM
Update to 1.10.5 Fix CVE-2021-41133

Fedora 34: httpd 2021-2a10bc68a4>

Tuesday 12th of October 2021 07:46:03 PM
This update addresses CVE-2021-42013. It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these

Fedora 34: mediawiki 2021-eee8b7514f>

Tuesday 12th of October 2021 07:45:15 PM

Debian: DSA-4984-1: flatpak security update>

Tuesday 12th of October 2021 05:27:27 PM
It was discovered that sandbox restrictions in Flatpak, an application deployment framework for desktop apps, could be bypassed for a Flatpak app with direct access to AF_UNIX sockets, by manipulating the VFS using mount-related syscalls that are not blocked by Flatpak's denylist

openSUSE: 2021:3387-1 important: the Linux Kernel>

Tuesday 12th of October 2021 05:23:33 PM
An update that solves 7 vulnerabilities and has 53 fixes is now available.

SciLinux: SLSA-2021-3801-1 Important: kernel on SL7.x x86_64>

Tuesday 12th of October 2021 05:05:43 PM
kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543) * kernel: powerpc: KVM guest OS users can cause host OS memory corruption (CVE-2021-37576) * kernel: SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653) * kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE) (CVE-2021-3656) For more details about the security issue(s), [More...]

SciLinux: SLSA-2021-3810-1 Moderate: libxml2 on SL7.x x86_64>

Tuesday 12th of October 2021 05:05:23 PM
libxml2: Use after free via namespace node in XPointer ranges (CVE-2016-4658) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE --- SL7 x86_64 libxml2-2.9.1-6.el7_9.6.i686.rpm libxml2-2.9.1-6.el7_9.6.x86_64.rpm libxml2-debuginfo-2.9.1-6.el7_9.6.i686.rpm libxml2-debuginfo-2.9.1-6.el7_9.6 [More...]

SciLinux: SLSA-2021-3798-1 Moderate: openssl on x86_64>

Tuesday 12th of October 2021 05:04:45 PM
openssl: integer overflow in CipherUpdate (CVE-2021-23840) * openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE - Scientific Linux Development Team

SciLinux: SLSA-2021-3807-1 Low: 389-ds-base on SL7.x x86_64>

Tuesday 12th of October 2021 05:04:12 PM
389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed (CVE-2021-3652) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE Bug Fix(es): * A plugin can create an index. Even if the index can be used immediately (for searches) the index remains offline until further rein [More...]

RedHat: RHSA-2021-3816:01 Important: httpd:2.4 security update>

Tuesday 12th of October 2021 12:18:10 PM
An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

openSUSE: 2021:1350-1 important: chromium>

Tuesday 12th of October 2021 11:58:47 AM
An update that fixes 25 vulnerabilities is now available.

RedHat: RHSA-2021-3810:01 Moderate: libxml2 security update>

Tuesday 12th of October 2021 11:32:47 AM
An update for libxml2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

RedHat: RHSA-2021-3798:01 Moderate: openssl security update>

Tuesday 12th of October 2021 11:32:33 AM
An update for openssl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

RedHat: RHSA-2021-3801:01 Important: kernel security and bug fix update>

Tuesday 12th of October 2021 11:32:28 AM
An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

RedHat: RHSA-2021-3807:01 Low: 389-ds-base security and bug fix update>

Tuesday 12th of October 2021 11:32:21 AM
An update for 389-ds-base is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

RedHat: RHSA-2021-3811:01 Moderate: rh-mysql80-mysql security, bug fix,>

Tuesday 12th of October 2021 10:13:16 AM
An update for rh-mysql80-mysql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

Debian LTS: DLA-2783-1: hiredis security update>

Tuesday 12th of October 2021 07:23:31 AM
It was discovered that there was an integer-overflow vulnerability in hiredis, a C client library for communicating with Redis databases. This occurred within the handling and parsing of 'multi-bulk' replies.

RedHat: RHSA-2021-3771:01 Important: grafana security update>

Tuesday 12th of October 2021 06:56:04 AM
An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

More in Tux Machines

today's leftovers

  • GNU Parallel 20211022 ('Sinclair') released

    GNU Parallel 20211022 ('Sinclair') has been released. It is available for download at: lbry://@GnuParallel:4

  • Python Permutations of a List

    You might have heard or worked on permutations in Mathematics or Calculus. In the realm of mathematics, it’s a very well-known idea. The permutation is said to be a set of possible outcomes generated from a single set. Similarly, the Python language also supports permutation by utilizing some of its built-in methods and modules. Today, we will learn to get the possible permutations of a single list by using different methods in Python.

  • Enrico Zini: Scanning for imports in Python scripts

    I had to package a nontrivial Python codebase, and I needed to put dependencies in I could do git grep -h import | sort -u, then review the output by hand, but I lacked the motivation for it. Much better to take a stab at solving the general problem

  • C++ recursive function

    A process in which a specific function calls itself either directly or indirectly is known to be a recursion, and that respective function is a recursive function. The recursion process deals with the iteration of several numbers to the same function. To terminate the execution of a recursion process, we need to have a base case followed by any condition. This tutorial uses the involvement of recursion functions in C++, so before reading this, you must be familiar with the basics of this programming language. Recursion is an effective approach to dissolve the issues like complex mathematical computations tasks. This is done by distributing the task into sub-tasks. This process is done by following the divide and conquer rule. It’s not a mandatory thing to always use a recursion process in your program for the repetition. Any problem that is resolved through recursion can also get solved through iteration. But the recursive function is more efficient in programming as the code is very short and easily understandable while performing the same task. The recursion process is always recommended for issues like searching and sorting, tree traversals, etc.

  • C++ iterator tutorial

    An iterator is a pointer-like object that points towards an element present inside the container like arrays, structures, etc. A pointer is used to move through the data inside the container. Iterators play an important role in connecting with the containers through the algorithms. The pointer is an absolute part of the pointer. A pointer can iterate through the containers having elements by navigating and pointing towards the specific element. But not all the iterators are the same as pointers. The big advantage of iterator is that it offers an interface for any container type. Iterators are capable of making the algorithms independent of the container type. In other words, iterators are applied to every data type and every container.

  • C++ Diamond Problem

    A diamond problem is an issue that occurs in programming languages, especially in C++, when you are using multiple inheritances. Multiple inheritances in C++ are commonly used as a tool when the code is very lengthy. So to handle the source code, we use classes to manage the program. However, the multiple inheritances cause a problem if it is not used properly. These problems mainly contain the DIAMOND problem. This tutorial aims to highlight the main factors of the diamond problem, how it occurs from the multiple inheritances, and all the solutions required to resolve it. To execute the programs regarding “C++ diamond inheritance” in the Linux operating system, you need to have an Ubuntu system installed and running on the Virtual machine. Two tools are used. One is any editing tool, and as such, we will use the default “text editor” of Linux. You may use other preferred editing tools. The second one is the Ubuntu terminal. On which, you will run the program and can see the output displayed. First, we will discuss multiple inheritances in the article, as the “diamond problem” occurs in the case of having inheritance in the source code.

  • Fun and Scary Code from Qt and KDE

    These are some really cool or obfuscated code snippets for your amusement. We didn’t want to rate them, so the order doesn’t mean anything at all Just to make sure that there’s no misunderstanding: This code really is/was in the Qt or KDE repositories.

  • Retiring the I18N_NOOP macros

    Since decades KDE’s translation and localization framework KI18n provides a mechanism for marking strings for message extraction and deferred translation, the I18N_NOOP prepprocessor macros. Those can be very error prone though, so for KDE Frameworks 5.89 there is now a proposed replacement.

Open Hardware/Modding: Game Boy, RISC-V, and More

  • An Open Source Game Boy Printer That Doesn’t Print | Hackaday

    While we’ll admit seeing your Game Boy Camera shots come out on a little slip of thermal paper was pretty neat back in 1998, anyone who’s still using the Game Boy Printer these days is probably more interested in getting their images in digital form. Which is why the open source NeoGB Printer is so exciting. A collaborative effort between [Rafael Zenaro], [Raphaël BOICHOT], and [Brian Khuu], the project combines an ESP32 development board and some common components with their GPLv3 firmware to fully emulate the Game Boy Printer hardware. Once plugged into your Game Boy, any of the 110 titles that support Nintendo’s paper-pushing peripheral will recognize the NeoGB Printer as the real deal and happily send along the image.

  • Alibaba unveils RISC-V XuanTie processors - LinuxStoney

    Alibaba, one of the largest Chinese IT companies, announced the discovery of developments related to XuanTie E902, E906, C906 and C910 processor cores, based on the 64-bit architecture of the RISC-V instruction set. The open XuanTie kernels will develop under the new names OpenE902, OpenE906, OpenC906, and OpenC910. Diagrams, descriptions of hardware blocks in Verilog language, simulator and accompanying project documentation are published on GitHub under the Apache 2.0 license. Separately published adapted to work with chips XuanTie versions of compilers GCC and the LLVM , library Glibc to , tools of Binutils , loader the U-the Boot , the Linux kernel , middleware interface OpenSBI (RISC machines-the V the Supervisor Binary Interface), a platform for the creation of embedded Linux-based systems Yocto Project , and See also patches for launching the Android platform.

  • Mechanical Linkage CAD For Everyone | Hackaday

    The documentation says that it appears to run under Wine as well if you prefer to run it under Linux.

  • Mapping Dance syncs movement and stage lighting using tinyML | Arduino Blog

    Being able to add dynamic lighting and images that can synchronize with a dancer is important to many performances, which rely on both music and visual effects to create the show. Eduardo Padrón aimed to do exactly that by monitoring a performer’s moves with an accelerometer and triggering the appropriate AV experience based on the recognized movement. Padrón’s system is designed around a Raspberry Pi 4 running an MQTT server for communication with auxiliary IoT boards. Movement data was collected via a Nano 33 BLE Sense and its onboard accelerometer to gather information and send it to a Google Colab environment. From here, a model was trained on these samples for 600 epochs, achieving an accuracy of around 91%. After deploying this model onto the Arduino, he was able to output the correct gesture over USB where it interacts with the running Python script. Once the gesture is received, the MQTT server publishes the message to any client devices such as an ESP8266 for lighting and plays an associated video or sound.

Security Leftovers

  • Missouri Governor Doubles Down On 'View Source' Hacking Claim; PAC Now Fundraising Over This Bizarrely Stupid Claim

    Hey Missouri: stop electing technically illiterate dipshits. First you had Claire McCaskill, one of the key sponsors of FOSTA (who is still defending it years later). You got rid of her, but replaced her with Josh Hawley, who seems to think his main job in the Senate (besides whipping up support for insurrectionists and planning his run for the Presidency) is to destroy the internet and reshape it according to his own personal vision.

  • Irving Wladawsky-Berger: The Complex Interplay Between Cybersecurity and Regulatory Compliance

    Cybersecurity threats have significantly increased since March of 2020 when much of the economy was forced online to help us cope with the Covid crisis, including a number of high profile attacks by international criminal groups and adversarial governments. This past June, FBI Director Christopher Wray compared the danger of ransomware attacks on US firms by Russian criminal groups to the 9/11 terrorist attacks. When Biden and Putin met in Geneva a few weeks later, cyberweapons control was at the top of the agenda, a spot previously occupied by the control of nuclear weapons. It’s been clear for a while that in a world increasingly governed by digital data and transactions, our existing cybersecurity methods have been far from adequate. To learn more about this very important area, earlier this year I joined CAMS, MIT’s interdisciplinary cybersecurity initiative, and started attending its research seminars. At a recent seminar, I heard a very interesting presentation on Compliance and Cybersecurity by CAMS research affiliate Angelica Marotta. Her seminar was based on Convergence and divergence of regulatory compliance and cybersecurity, a recent paper she co-authored with MIT professor Stuart Madnick.

  • Supply Chain Attack: NPM Library Used By Facebook And Others Was Compromised [Ed: Microsoft is serving malware]

    Here at Hackaday we love the good kinds of hacks, but now and then we need to bring up a less good kind. Today it was learned that the NPM package ua-parser-js was compromised, and any software using it as a library may have become victim of a supply chain attack. What is ua-parser-js and why does any of this matter? In the early days of computing, programmers would write every bit of code they used themselves. Larger teams would work together to develop larger code bases, but it was all done in-house. These days software developers don’t write every piece of code. Instead they use libraries of code supplied by others.

  • Malware Discovered in Popular NPM Package, ua-parser-js [Ed: Microsoft is serving malware again, but nobody even mentions Microsoft]

    Versions of a popular NPM package named ua-parser-js was found to contain malicious code. ua-parser-js is used in apps and websites to discover the type of device or browser a person is using from User-Agent data. A computer or device with the affected software installed or running could allow a remote attacker to obtain sensitive information or take control of the system.

  • Big Tech is pushing a 'national cloud.' Critics say Big Tech would profit from it.

    A steady drumbeat from some of the most influential executives in the technology industry has emerged in recent months to push the idea that the U.S. government should invest in a "national research cloud" — a hub for U.S. research into artificial intelligence where researchers from academia and smaller tech companies could share data sets and other resources.

    It's an idea that has been backed by a government commission led by ex-Google CEO Eric Schmidt and including executives from Amazon, Microsoft and Oracle, which recommended that the Biden administration create a hub for U.S. research into artificial intelligence. The White House has warmed up to the idea, ordering another report on it due next year with an eye toward competing with China on the development of artificial intelligence.

  • Windows ransomware gang moves earnings, others slam US after REvil takedown

    A number of Windows ransomware gangs have reacted to the reported takedown of the REvil gang, with one of them, Darkside, now known as BlackMatter, moving some of the bitcoin it holds, according to a statement from the cryptocurrency tracking firm Elliptic.

  • The True Cost of Upgrading Your Phone

    But financial advisers see this differently. By some estimates, an investment of $1,000 in a retirement account today would balloon to about $17,000 in 30 years.

    In other words, $700 to $1,000 — the price range of modern smartphones — is a big purchase. Fewer than half of American adults have enough savings set aside to cover three months of emergency expenses, according to the Pew Research Center. Yet one in five people surveyed by the financial website WalletHub thought a new phone was worth going into debt for.

  • Geriatric Microsoft Bug Exploited by APT Using Commodity RATs [iophk: Windows TCO]

    Disguised as an IT firm, the APT is hitting targets in Afghanistan & India, exploiting a 20-year-old+ Microsoft Office bug that’s as potent as it is ancient.

  • Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India [iophk: Windows TCO]

    A typical infection would consist of a malicious document, such as an RTF file exploiting CVE-2017-11882, a stack overflow vulnerability that enables arbitrary code execution on a vulnerable version of Microsoft Office.

    The recon phase deployed a custom file enumerator and infector module. This module aimed to discover all the different Office files on an infected endpoint. The infector module is meant to weaponize all .doc, .docx and .rtf files present in removable drives connected to the system to exploit CVE-2017-11882.

    The attack phase consists of deploying RAT payloads, such as DcRAT and QuasarRAT, to the victim's endpoint instead of the file recon and infector modules seen previously. All the malware observed in the attack phase of the campaign consisted of commodity RATs compiled and deployed with minimal changes.

today's howtos

  • Fixed: Add-Apt-Repository Command Not Found Error on Ubuntu/Debian - DekiSoft

    When you try to add a new software repository then there are chances you face the “add-apt-repository command not found’ Ubuntu error, this article shows you to FIX it for good. This is used to indicate that its package is missing from the system.

  • Jenkins: Freestyle vs pipeline jobs - Anto ./ Online

    Let’s look at some of the differences between Jenkins freestyle and pipeline jobs.

  • Ansible: Basic concepts (playbooks, modules, collections) - Anto ./ Online

    Let’s look at playbooks, modules, and collections in Ansible. These are basic concepts, but you must know this to get started with Ansible. This guide will describe their roles in the automation process.

  • Ansible: Writing your first playbook - Anto ./ Online

    Let’s try to automate something and write our Ansible playbook. For our first example playbook, we’ll configure a server to run a web server using Nginx.

  • How to Install PHP 7.4 on CentOS 8 – LinuxWays - TechStony

    PHP (Hypertext Preprocessor) is the most commonly used server-side scripting language that is used to create dynamic websites. All most popular CMS (Content Management Systems) and frameworks such as WordPress, Laravel, and Magento are built in PHP programming. You will explore in this guide how you can install PHP 7.4 version on CentOS 8 system. Different PHP versions are available for installation on CentOS 8. Before choosing a PHP version for installation from all of them, make sure this version must meet the application requirements.

  • How to install FreeOffice on a Chromebook

    Today we are looking at how to install FreeOffice on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

  • Install ownCloud on Linux Mint 20 – LinuxWays - TechStony

    ownCloud is an efficient cross-platform software used for file hosting services. Originally, ownCloud works pretty much like Dropbox, however, there are such plugins available with the help of which you can make it function like Google Drive. In this article, we want to share with you the steps of installing ownCloud on a Linux Mint 20 system.

  • How IT pros can set boundaries and protocols - TechRepublic
  • How To Install ONLYOFFICE Desktop Editors on Ubuntu 20.04 LTS - idroot

    In this tutorial, we will show you how to install ONLYOFFICE Desktop Editors on Ubuntu 20.04 LTS. For those of you who didn’t know, ONLYOFFICE offers a secure online office suite highly compatible with MS Office formats (DOCX, XLSX, PPTX). ONLYOFFICE is available for Linux, Windows, and macOS users. Freely distributed under the terms of AGPL v3. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the ONLYOFFICE Desktop Editors free and open-source office suite on Ubuntu 20.04 (Focal Fossa). You can follow the same instructions for Ubuntu 18.04, 16.04, and any other Debian-based distribution like Linux Mint.

  • How to Clear apt-cache on Debian 10 – LinuxWays - TechStony

    Apt (Advanced Packaging Tool) is a command-line package installation and dependency management utility in Debian-based distributions. When you install packages in Debian using the apt-get or apt command, a copy of the .deb file is saved in the /var/cache/apt/archives directory. If you uninstall and reinstall a package, your system will look for it in the cache and download it from there rather than downloading it again. If you run out of disk space on your Debian system, you can clear the apt-cache and free up some space. In this guide, you will learn how to clear the apt-cache on Debian.

  • How to Install Dooble Browser on Ubuntu 20.04 – LinuxWays - TechStony

    There are tons of browsers available to install on any operating system. Although many people prefer Chromium browsers, some users prefer something different depending on their needs. Dooble is one browser that helps users to customize their internet browsing. Today I will show you how to install a highly customizable and privacy-focused browser that makes your workflow professional. The Dooble browser does things that other browsers might not be able to do in some cases. To follow along, you will need a running Ubuntu 20.04 LTS instance.

  • How to Install Krita on Ubuntu 20.04 LTS – LinuxWays - TechStony

    Krita is an exclusive painting program that helps artists to unleash their professional skills in the digital world. It uses the latest KD supported technologies to help digital artists to create digital art. Krita is tightly bonded with KDE and works flawlessly on any distribution. I am using Ubuntu 20.04 LTS and will guide you to install Krita on your Ubuntu system.

  • How to Install Nginx with PHP-FPM on Debian 11

    Throughout this post, we will take you to step by step to install Nginx with PHP-FPM on Debian 11. Before we start, it is necessary to explain what Nginx and PHP-FPM are to get a better understanding of the process. Nginx is an open-source HTTP web server that stands out for being very fast and efficient. In addition, Nginx is ready to be used as a reverse proxy. In this mode, it is used to balance the load between back-end servers, as well as to be used as a cache on a slower back-end server. One of the main advantages of using Nginx is that it processes tens of thousands of simultaneous connections in a compact, multi-core CPU process. This is why it is so lightweight, efficient, and above all robust.

  • How to run Mysql 8 with Docker and Docker-Compose

    In this guide we are going to explore how to run Mysql 8 locally with docker and docker compose. This can be helpful if you want to run Mysql 8 locally without installing it in your machine or if you want to run multiple versions of Mysql seamlessly.

  • Exploring Text Editors in Ubuntu 20.04 - ByteXD

    In Ubuntu, we can use text editors for the configuration of files, editing files, writing codes, and much more. There are two types of text editors; Command-line Interface (CLI) and Graphical User Interface (GUI). Today in this article, I will discuss the most commonly used text editors in Ubuntu 20.04.

  • Setting up Let's Encrypt certificates for the 389-ds LDAP server |

    In the past months I’ve set up LDAP at home, to avoid having different user accounts for the services that I run on my home hardware. Rather than the venerable OpenLDAP I settled for 389 Directory Server, commercially known as Red Hat Directory Server, mainly because I was more familiar with it. Rather than describing how to set that up (Red Hat’s own documentation is excellent on that regard), this post will focus on the steps required to enable encryption using Let’s Encrypt certificates.

  • Install Ambiance (or Radiance) Theme on Ubuntu 20.04 LTS - Linux Shout

    Do you want to switch to the old Ambiance app theme on Ubuntu 20.04 LTS Focal Fossa? Then via this article, we let you know how to do that in a very easy way. Well, earlier in the old versions of Ubuntu we were getting Ambiance or Radiance as the default theme. However, this got changed with the release of Ubuntu 19.10 because since then we have had Yaru as the default one. Nevertheless, that doesn’t mean we cannot switch back to the old days (themes) on the newer versions of Ubuntu. After all, it is just a theme but may give some a familiar feeling. And the best thing is the package to install the Ambiance theme is available in the default official repo of Ubuntu, hence just follow the given steps.